Is one of these options enough, or must I use both?
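```php
// Escape each POST value with mysqli's real_escape_string() ...
$firstname = $conn->real_escape_string($_POST['firstname']);
$lastname = $conn->real_escape_string($_POST['lastname']);
$email = $conn->real_escape_string($_POST['email']);

// ... and then bind the same values into a prepared statement.
$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $firstname, $lastname, $email);
$stmt->execute();
```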
Or maybe using both of these can cause a conflict?

PDO is a different concept from mysqli; read the question, not just the subject.
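
Added example, not part of the original question or the asker's code: it inserts the same constructed value twice, once bound only and once escaped and then bound, and reads both rows back so the stored results can be compared. The connection settings, the `DB_*` environment variable names and the helpers `insertGuest` and `storedLastname` are assumptions made for illustration; run it against a scratch MySQL database.

```php
<?php
// Assumed connection settings (hypothetical DB_* variables); use a scratch database.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$conn = new mysqli(getenv('DB_HOST') ?: '127.0.0.1', getenv('DB_USER') ?: 'test',
    getenv('DB_PASS') ?: '', getenv('DB_NAME') ?: 'test');
$conn->set_charset('utf8mb4');

// Temporary table with the question's columns; it disappears when the connection closes.
$conn->query('CREATE TEMPORARY TABLE MyGuests (id INT AUTO_INCREMENT PRIMARY KEY,
    firstname VARCHAR(64), lastname VARCHAR(64), email VARCHAR(128))');

// Hypothetical helper: insert one row using bound parameters only.
function insertGuest(mysqli $conn, string $first, string $last, string $email): int
{
    $stmt = $conn->prepare(
        'INSERT INTO MyGuests (firstname, lastname, email) VALUES (?, ?, ?)');
    $stmt->bind_param('sss', $first, $last, $email);
    $stmt->execute();
    $id = $conn->insert_id;
    $stmt->close();
    return $id;
}

// Hypothetical helper: read back exactly what was stored for one row.
function storedLastname(mysqli $conn, int $id): string
{
    $stmt = $conn->prepare('SELECT lastname FROM MyGuests WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->bind_result($lastname);
    $stmt->fetch();
    $stmt->close();
    return $lastname;
}

// Constructed input standing in for $_POST['lastname'].
$input = "O'Brien";

// 1) Bound only: the value is sent to the server separately from the SQL text.
$plainId = insertGuest($conn, 'Pat', $input, 'pat@example.com');

// 2) Escaped, then bound: the escape character added by real_escape_string() is stored as data.
$escapedId = insertGuest($conn, 'Pat', $conn->real_escape_string($input), 'pat@example.com');

printf("bound only:    %s\n", storedLastname($conn, $plainId));
printf("escaped+bound: %s\n", storedLastname($conn, $escapedId));
```

Because a bound parameter is never parsed as SQL, the first row stores the input unchanged, while the second row stores the already-escaped string, which no longer matches what the user typed.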